authorizer/server/handlers/revoke_refresh_token.go

package handlers

import (
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"
	log "github.com/sirupsen/logrus"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/memorystore"
	"github.com/authorizerdev/authorizer/server/token"
)

// RevokeRefreshTokenHandler handler to revoke refresh token
func RevokeRefreshTokenHandler() gin.HandlerFunc {
	return func(gc *gin.Context) {
		var reqBody map[string]string
		if err := gc.BindJSON(&reqBody); err != nil {
			log.Debug("Error binding JSON: ", err)
			gc.JSON(http.StatusBadRequest, gin.H{
				"error":             "error_binding_json",
				"error_description": err.Error(),
			})
			return
		}
		// get client ID
		clientID := strings.TrimSpace(reqBody["client_id"]) // kept for backward compatibility // else we expect to be present as header
		if clientID == "" {
			clientID = gc.Request.Header.Get("x-authorizer-client-id")
		}
		// get fingerprint hash
		refreshToken := strings.TrimSpace(reqBody["refresh_token"])

		if clientID == "" {
			log.Debug("Client ID is empty")
			gc.JSON(http.StatusBadRequest, gin.H{
				"error":             "client_id_required",
				"error_description": "The client id is required",
			})
			return
		}

		if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID || err != nil {
			log.Debug("Client ID is invalid: ", clientID)
			gc.JSON(http.StatusBadRequest, gin.H{
				"error":             "invalid_client_id",
				"error_description": "The client id is invalid",
			})
			return
		}

		claims, err := token.ParseJWTToken(refreshToken)
		if err != nil {
			log.Debug("Client ID is invalid: ", clientID)
			gc.JSON(http.StatusBadRequest, gin.H{
				"error":             err.Error(),
				"error_description": "Failed to parse jwt",
			})
			return
		}

		userID := claims["sub"].(string)
		loginMethod := claims["login_method"]
		sessionToken := userID
		if loginMethod != nil && loginMethod != "" {
			sessionToken = loginMethod.(string) + ":" + userID
		}

		memorystore.Provider.DeleteUserSession(sessionToken, claims["nonce"].(string))

		gc.JSON(http.StatusOK, gin.H{
			"message": "Token revoked successfully",
		})
	}
}
feat: add revoke mutation + handler 2022-03-08 13:19:42 +00:00			`package handlers`

			`import (`
			`"net/http"`
			`"strings"`

feat: add logs for http handlers 2022-05-23 06:22:51 +00:00			`"github.com/gin-gonic/gin"`
			`log "github.com/sirupsen/logrus"`

feat: add revoke mutation + handler 2022-03-08 13:19:42 +00:00			`"github.com/authorizerdev/authorizer/server/constants"`
fix: move sessionstore -> memstore 2022-05-27 17:50:38 +00:00			`"github.com/authorizerdev/authorizer/server/memorystore"`
fix: user session access 2022-06-11 18:57:21 +00:00			`"github.com/authorizerdev/authorizer/server/token"`
feat: add revoke mutation + handler 2022-03-08 13:19:42 +00:00			`)`

fix: rename revoke refresh token handler for better reading 2022-07-11 05:40:30 +00:00			`// RevokeRefreshTokenHandler handler to revoke refresh token`
			`func RevokeRefreshTokenHandler() gin.HandlerFunc {`
feat: add revoke mutation + handler 2022-03-08 13:19:42 +00:00			`return func(gc *gin.Context) {`
			`var reqBody map[string]string`
			`if err := gc.BindJSON(&reqBody); err != nil {`
feat: add logs for http handlers 2022-05-23 06:22:51 +00:00			`log.Debug("Error binding JSON: ", err)`
feat: add revoke mutation + handler 2022-03-08 13:19:42 +00:00			`gc.JSON(http.StatusBadRequest, gin.H{`
			`"error": "error_binding_json",`
			`"error_description": err.Error(),`
			`})`
			`return`
			`}`
Update tests 2024-04-02 09:55:11 +00:00			`// get client ID`
			`clientID := strings.TrimSpace(reqBody["client_id"]) // kept for backward compatibility // else we expect to be present as header`
			`if clientID == "" {`
			`clientID = gc.Request.Header.Get("x-authorizer-client-id")`
			`}`
feat: add revoke mutation + handler 2022-03-08 13:19:42 +00:00			`// get fingerprint hash`
			`refreshToken := strings.TrimSpace(reqBody["refresh_token"])`

			`if clientID == "" {`
feat: add logs for http handlers 2022-05-23 06:22:51 +00:00			`log.Debug("Client ID is empty")`
feat: add revoke mutation + handler 2022-03-08 13:19:42 +00:00			`gc.JSON(http.StatusBadRequest, gin.H{`
			`"error": "client_id_required",`
			`"error_description": "The client id is required",`
			`})`
			`return`
			`}`

fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID \|\| err != nil {`
fix: format logs 2022-05-25 07:00:22 +00:00			`log.Debug("Client ID is invalid: ", clientID)`
feat: add revoke mutation + handler 2022-03-08 13:19:42 +00:00			`gc.JSON(http.StatusBadRequest, gin.H{`
			`"error": "invalid_client_id",`
			`"error_description": "The client id is invalid",`
			`})`
			`return`
			`}`

fix: user session access 2022-06-11 18:57:21 +00:00			`claims, err := token.ParseJWTToken(refreshToken)`
			`if err != nil {`
			`log.Debug("Client ID is invalid: ", clientID)`
			`gc.JSON(http.StatusBadRequest, gin.H{`
			`"error": err.Error(),`
			`"error_description": "Failed to parse jwt",`
			`})`
			`return`
			`}`

fix: add namespace to session token keys 2022-06-29 16:54:00 +00:00			`userID := claims["sub"].(string)`
			`loginMethod := claims["login_method"]`
			`sessionToken := userID`
			`if loginMethod != nil && loginMethod != "" {`
			`sessionToken = loginMethod.(string) + ":" + userID`
			`}`

			`memorystore.Provider.DeleteUserSession(sessionToken, claims["nonce"].(string))`
feat: add revoke mutation + handler 2022-03-08 13:19:42 +00:00
			`gc.JSON(http.StatusOK, gin.H{`
			`"message": "Token revoked successfully",`
			`})`
			`}`
			`}`